xworm | (((([.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

((((.exe
Size

54KB
MD5

771436ae9dd04e20c4fd38b85c074194
SHA1

365a88a51447caba639fc0680a7a123e59ff7b11
SHA256

2fe77b02d62e45f663d3318b711364f852c4e2b38f3ab60434f16674f8d22f10
SHA512

6ea2b14e04c5c14a9d610e327d797075789424d9f6fe3b2f3eee7b07d40ebe7d82a332a963a3edacb87a15ceb3d0b2d513cc6eaf20a3bf4e290b4784fbfd8113
SSDEEP

1536:Rtmn1Y9HAPTFZfLClS0MkbEWc/kn/OZmb:RMC9HiJZfLClCkbx5/OZo

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
((((.exe

Files

((((.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ